[release/8.0-staging] Implement faster RSA key check
Co-authored-by: Kevin Jones <kevin@vcsjones.com>
github-actions[bot] and vcsjones authored Feb 12, 2024
1 parent 00c95a6 commit c192fba
Showing 6 changed files with 317 additions and 12 deletions.
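--- a/src/native/libs/System.Security.Cryptography.Native/apibridge.c
+++ b/src/native/libs/System.Security.Cryptography.Native/apibridge.c
@@ -442,6 +442,14 @@ void local_RSA_get0_crt_params(const RSA* rsa, const BIGNUM** dmp1, const BIGNUM
 }
 }
 
+int local_RSA_get_multi_prime_extra_count(const RSA* rsa)
+{
+(void)rsa;
+// OpenSSL before 1.1 does not support multi-prime RSA, so it implicitly
+// has zero extra primes.
+return 0;
+}
+
 int32_t local_RSA_set0_key(RSA* rsa, BIGNUM* n, BIGNUM* e, BIGNUM* d)
 {
 if (rsa == NULL)
@@ -909,4 +917,19 @@ int local_BN_is_zero(const BIGNUM* a)
 return a->top == 0;
 }
 
+int local_BN_is_one(const BIGNUM* a)
+{
+return BN_abs_is_word(a, 1) && !a->neg;
+}
+
+int local_BN_abs_is_word(const BIGNUM *a, const BN_ULONG w)
+{
+return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0));
+}
+
+int local_BN_is_odd(const BIGNUM* a)
+{
+return (a->top > 0) && (a->d[0] & 1);
+}
+
 #endif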
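Review bot: The comment in `local_RSA_get_multi_prime_extra_count` says multi-prime RSA is unsupported "before 1.1", but the multi-prime API was introduced in OpenSSL 1.1.1, so the wording leaves 1.1.0 unexplained. If the fallback is also bound on 1.1.0 (the FALLBACK_FUNCTION semantics are not visible in this section), the comment should read `// OpenSSL before 1.1.1 has no multi-prime RSA API, so a key there has zero extra primes.` Separately, `local_BN_is_one`, `local_BN_abs_is_word` and `local_BN_is_odd` read `a->top`, `a->d[0]` and `a->neg` directly with no comment. A one-line note that they mirror the 1.0.x macros and depend on the locally declared `struct bignum_st` layout would help the next reader.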
@@ -7,7 +7,10 @@
#include "pal_types.h"

int local_ASN1_TIME_to_tm(const ASN1_TIME* s, struct tm* tm);
int local_BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
int local_BN_is_zero(const BIGNUM* a);
int local_BN_is_odd(const BIGNUM* a);
int local_BN_is_one(const BIGNUM* a);
int local_BIO_up_ref(BIO *a);
const BIGNUM* local_DSA_get0_key(const DSA* dsa, const BIGNUM** pubKey, const BIGNUM** privKey);
void local_DSA_get0_pqg(const DSA* dsa, const BIGNUM** p, const BIGNUM** q, const BIGNUM** g);
@@ -27,6 +30,7 @@ long local_OpenSSL_version_num(void);
void local_RSA_get0_crt_params(const RSA* rsa, const BIGNUM** dmp1, const BIGNUM** dmq1, const BIGNUM** iqmp);
void local_RSA_get0_factors(const RSA* rsa, const BIGNUM** p, const BIGNUM** q);
void local_RSA_get0_key(const RSA* rsa, const BIGNUM** n, const BIGNUM** e, const BIGNUM** d);
int local_RSA_get_multi_prime_extra_count(const RSA* r);
int32_t local_RSA_meth_get_flags(const RSA_METHOD* meth);
int32_t local_RSA_set0_crt_params(RSA* rsa, BIGNUM* dmp1, BIGNUM* dmq1, BIGNUM* iqmp);
int32_t local_RSA_set0_factors(RSA* rsa, BIGNUM* p, BIGNUM* q);
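Review bot: The new prototype `int local_RSA_get_multi_prime_extra_count(const RSA* r);` names its parameter `r`, while the definition in apibridge.c and the neighbouring `local_RSA_get0_*` prototypes use `rsa`. Renaming it keeps the header consistent with the definition: `int local_RSA_get_multi_prime_extra_count(const RSA* rsa);`. The same applies to the `RSA_get_multi_prime_extra_count(const RSA* r)` declaration added in the last file section of this commit. `local_BN_abs_is_word(const BIGNUM *a, ...)` also places the `*` differently from the `const BIGNUM* a` spelling used on the lines around it.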
@@ -185,10 +185,11 @@ struct bio_st
int references;
};

struct bignum_st {
const void* _ignored1;
struct bignum_st
{
BN_ULONG *d;
int top;
int _ignored2;
int _ignored3;
int _ignored4;
int dmax;
int neg;
int flags;
};
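Review bot: `struct bignum_st` now names `d`, `dmax`, `neg` and `flags`, and the helpers added in apibridge.c dereference `a->d[0]` and `a->neg`, so this declaration has to match the in-memory layout of the 1.0.x library exactly, including the width of `BN_ULONG`. Nothing here records that requirement. A comment above the struct would make it explicit, for example `// Must mirror OpenSSL 1.0.x's struct bignum_st field-for-field; local_BN_* read d, top and neg directly.` Presumably `BN_ULONG` comes from the OpenSSL headers used for the build and is assumed to have the same width as the limb type of the loaded 1.0.x library; that is worth confirming and stating in the same comment.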
35 changes: 35 additions & 0 deletions src/native/libs/System.Security.Cryptography.Native/opensslshim.h
@@ -55,6 +55,9 @@
#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0_RTM

// Remove problematic #defines
#undef BN_abs_is_word
#undef BN_is_odd
#undef BN_is_one
#undef BN_is_zero
#undef SSL_get_state
#undef SSL_is_init_finished
@@ -200,15 +203,28 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
FALLBACK_FUNCTION(BIO_up_ref) \
REQUIRED_FUNCTION(BIO_s_mem) \
REQUIRED_FUNCTION(BIO_write) \
FALLBACK_FUNCTION(BN_abs_is_word) \
REQUIRED_FUNCTION(BN_bin2bn) \
REQUIRED_FUNCTION(BN_bn2bin) \
REQUIRED_FUNCTION(BN_clear_free) \
REQUIRED_FUNCTION(BN_cmp) \
REQUIRED_FUNCTION(BN_div) \
REQUIRED_FUNCTION(BN_dup) \
REQUIRED_FUNCTION(BN_free) \
REQUIRED_FUNCTION(BN_gcd) \
FALLBACK_FUNCTION(BN_is_odd) \
FALLBACK_FUNCTION(BN_is_one) \
FALLBACK_FUNCTION(BN_is_zero) \
REQUIRED_FUNCTION(BN_mod_inverse) \
REQUIRED_FUNCTION(BN_mod_mul) \
REQUIRED_FUNCTION(BN_mul) \
REQUIRED_FUNCTION(BN_new) \
REQUIRED_FUNCTION(BN_num_bits) \
REQUIRED_FUNCTION(BN_set_word) \
REQUIRED_FUNCTION(BN_sub) \
REQUIRED_FUNCTION(BN_value_one) \
REQUIRED_FUNCTION(BN_CTX_new) \
REQUIRED_FUNCTION(BN_CTX_free) \
LEGACY_FUNCTION(CRYPTO_add_lock) \
REQUIRED_FUNCTION(CRYPTO_free) \
REQUIRED_FUNCTION(CRYPTO_get_ex_new_index) \
@@ -474,6 +490,7 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
REQUIRED_FUNCTION(RSA_free) \
REQUIRED_FUNCTION(RSA_generate_key_ex) \
REQUIRED_FUNCTION(RSA_get_method) \
FALLBACK_FUNCTION(RSA_get_multi_prime_extra_count) \
FALLBACK_FUNCTION(RSA_get0_crt_params) \
FALLBACK_FUNCTION(RSA_get0_factors) \
FALLBACK_FUNCTION(RSA_get0_key) \
@@ -700,15 +717,28 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define BIO_up_ref BIO_up_ref_ptr
#define BIO_s_mem BIO_s_mem_ptr
#define BIO_write BIO_write_ptr
#define BN_abs_is_word BN_abs_is_word_ptr
#define BN_bin2bn BN_bin2bn_ptr
#define BN_bn2bin BN_bn2bin_ptr
#define BN_clear_free BN_clear_free_ptr
#define BN_cmp BN_cmp_ptr
#define BN_div BN_div_ptr
#define BN_dup BN_dup_ptr
#define BN_free BN_free_ptr
#define BN_gcd BN_gcd_ptr
#define BN_is_odd BN_is_odd_ptr
#define BN_is_one BN_is_one_ptr
#define BN_is_zero BN_is_zero_ptr
#define BN_mod_inverse BN_mod_inverse_ptr
#define BN_mod_mul BN_mod_mul_ptr
#define BN_mul BN_mul_ptr
#define BN_new BN_new_ptr
#define BN_num_bits BN_num_bits_ptr
#define BN_set_word BN_set_word_ptr
#define BN_sub BN_sub_ptr
#define BN_value_one BN_value_one_ptr
#define BN_CTX_free BN_CTX_free_ptr
#define BN_CTX_new BN_CTX_new_ptr
#define CRYPTO_add_lock CRYPTO_add_lock_ptr
#define CRYPTO_free CRYPTO_free_ptr
#define CRYPTO_get_ex_new_index CRYPTO_get_ex_new_index_ptr
@@ -977,6 +1007,7 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define RSA_get0_factors RSA_get0_factors_ptr
#define RSA_get0_key RSA_get0_key_ptr
#define RSA_get_method RSA_get_method_ptr
#define RSA_get_multi_prime_extra_count RSA_get_multi_prime_extra_count_ptr
#define RSA_meth_get_flags RSA_meth_get_flags_ptr
#define RSA_new RSA_new_ptr
#define RSA_pkey_ctx_ctrl RSA_pkey_ctx_ctrl_ptr
@@ -1236,6 +1267,9 @@ FOR_ALL_OPENSSL_FUNCTIONS

// Alias "future" API to the local_ version.
#define ASN1_TIME_to_tm local_ASN1_TIME_to_tm
#define BN_abs_is_word local_BN_abs_is_word
#define BN_is_odd local_BN_is_odd
#define BN_is_one local_BN_is_one
#define BN_is_zero local_BN_is_zero
#define BIO_up_ref local_BIO_up_ref
#define DSA_get0_key local_DSA_get0_key
@@ -1253,6 +1287,7 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define HMAC_CTX_free local_HMAC_CTX_free
#define HMAC_CTX_new local_HMAC_CTX_new
#define OpenSSL_version_num local_OpenSSL_version_num
#define RSA_get_multi_prime_extra_count local_RSA_get_multi_prime_extra_count
#define RSA_get0_crt_params local_RSA_get0_crt_params
#define RSA_get0_factors local_RSA_get0_factors
#define RSA_get0_key local_RSA_get0_key
@@ -6,6 +6,9 @@
#pragma once
#include "pal_types.h"

#undef BN_abs_is_word
#undef BN_is_odd
#undef BN_is_one
#undef BN_is_zero
#undef SSL_CTX_set_options
#undef SSL_set_options
@@ -21,6 +24,9 @@ typedef struct stack_st OPENSSL_STACK;
#define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L

int ASN1_TIME_to_tm(const ASN1_TIME* s, struct tm* tm);
int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
int BN_is_odd(const BIGNUM* a);
int BN_is_one(const BIGNUM* a);
int BN_is_zero(const BIGNUM* a);
int BIO_up_ref(BIO* a);
const BIGNUM* DSA_get0_key(const DSA* dsa, const BIGNUM** pubKey, const BIGNUM** privKey);
@@ -52,6 +58,7 @@ const RSA_METHOD* RSA_PKCS1_OpenSSL(void);
void RSA_get0_crt_params(const RSA* rsa, const BIGNUM** dmp1, const BIGNUM** dmq1, const BIGNUM** iqmp);
void RSA_get0_factors(const RSA* rsa, const BIGNUM** p, const BIGNUM** q);
void RSA_get0_key(const RSA* rsa, const BIGNUM** n, const BIGNUM** e, const BIGNUM** d);
int RSA_get_multi_prime_extra_count(const RSA* r);
int32_t RSA_meth_get_flags(const RSA_METHOD* meth);
int32_t RSA_pkey_ctx_ctrl(EVP_PKEY_CTX* ctx, int32_t optype, int32_t cmd, int32_t p1, void* p2);
int32_t RSA_set0_crt_params(RSA* rsa, BIGNUM* dmp1, BIGNUM* dmq1, BIGNUM* iqmp);